The specific flaw exists within the "create_session_bab" SOAP operation, which is handled by the xosoapapi.asmx process that is crucial to the remote administration of both the High Availability and the Replication products. By sending a specially crafted POST request to the xosoapapi.asmx process a remote, unauthenticated attacker can trigger a buffer overflow condition that results in arbitrary code execution under the context of the SOAP server process.